StratusLab is co-funded by theEuropean Community’s Seventh

Framework Programme (Capacities)Grant Agreement INFSO-RI-261552

Marketplace & Image Metadata

ACGRID-III (Hanoi)

1 November 2011

2

StratusLab Marketplace

Machine image creation is a barrier to cloud adoption Creating virtual machine images is time-consuming Ensuring that machines are secure and correct is difficult Sharing existing machines lowers this barrier

Marketplace facilitates sharing of images Registry of metadata for machine & disk images Image contents are kept in cloud, grid, or web storage

Benefits End-users: browse and use existing images for their analyses Creators: publicize their work and attract larger user base Cloud Admins.: Use metadata to evaluate trustworthiness of images

3

Interfaces

REST interface Exposes a simple HTTP-based REST interface Easy to program against in all languages

Web interface REST interface also allows browsing via a web browser Signed entries can also be uploaded via the browser

Endpoint: In your ~/.stratuslab/stratuslab-user.cfg:

marketplace_endpoint = http://cloud-lal.stratuslab.eu:8081

4

Web Portal

5

Metadata Entries Search

6

Metadata Entry details

7

Metadata

Image metadata Must conform to a defined schema Uses the RDF-XML format Must be cryptographically signed with a (grid) certificate Must contain image ID and checksums to make connection to image May contain location elements with image content URL(s)

8

Workflow

Typical Marketplace workflow: Create image from scratch or based on existing image Upload the image to cloud, grid, or web storage area Create the metadata for the image Sign the metadata with your (grid) certificate Upload the signed metadata to the Marketplace

9

Creating & Uploading Image

Creating an image is a time consuming process…

Cheat (!) and just copy ttylinux image from appliance repository:

See link on agenda page: https://www.egi.eu/indico/contributionDisplay.py?contribId=65&confId=452

Uploading of image Skip this for now: image already exists in the appliance repository. Normally, it would be transferred to cloud, grid, or web storage. Images must be accessible via http(s) at the moment. Location URL(s) would usually be part of the metadata.

10

Create Metadata Description

Use stratus-build-metadata for creating metadata:

Wait for the unknown state, then kill (remove) the instance:

Look at the contents of the file: Identifier is based on SHA-1 checksum and looks like

"LwcRbwCalYSysY1wftQdAj6Bwoi" Checksums ensure that downloaded images match the metadata Empty endorser element and no signature element Normal file would have location elements(<slterms:location>…

<slterms:location>); Edit ttylinux-9.7-i486-base-1.3.xml to define image location <dcterms:compression> element is empty, so fill it.

$ stratus-build-metadata \ --author='your name' \ --os=ttylinux \ --os-version=9.7 \ --os-arch=i486 \ --version=1.3 \ ttylinux-9.7-i486-base-1.3.img.gz

11

Create Metadata Description

Try to validate the unsigned metadata file: There is no signature so the file should not be valid

Sign the contents of the file with a grid certificate: ttylinux-9.7-i486-base-1.3.xml ttylinux-9.7-i486-base-1.3.xml.orig ttylinux-9.7-i486-base-1.3.xml contains endorser and signature

elements

$ stratus-validate-metadata ttylinux-9.7-i486-base-1.3.xml Invalid: ttylinux-9.7-i486-base-1.3.xmlno signature

$ stratus-sign-metadata \ --p12-cert grid.p12 \ --p12-password xxxxxx \ ttylinux-9.7-i486-base-1.3.xml Manifest file successfully signed: ttylinux-9.7-i486-base-1.3.xml

$ stratus-validate-metadata ttylinux-9.7-i486-base-1.3.xmlValid: ttylinux-9.7-i486-base-1.3.xml

12

Upload Metadata Description

File can be uploaded via the command line: stratus-upload-metadata

Note: Depending on the configuration of the server, it may validate the email address in the metadata

description before it is made visible.

$ stratus-upload-metadata \ttylinux-9.7-i486-base-1.3.xml

http://cloud-lal.stratuslab.eu:8081/metadata/LwcRbwCalYSysY1wftQdAj6Bwoi/email address/2011-09-13T09:58:54Z

13

Web Upload of Metadata

14

Using an Image in the Marketplace

Pass the URL for metadata entry when starting instance. stratus-run-instance LwcRbwCalYSysY1wftQdAj6Bwoi Use normal machine lifecycle to control machine.

StratusLab cloud will validate image before running it: stratus-policy-image: invokes site policy to determine if the referenced

image can be used; includes endorser white lists, checksum black lists, etc.

15

Image deprecation

May want to invalidate an image: stratus-deprecate-metadata deprecates an image and gives a reason

Try running the image; what happens?

Put back standard Marketplace endpoint!

$ stratus-deprecate-metadata \ --reason=“JUST FOR FUN” \ --p12-cert=/Users/loomis/.globus/cert.p12 \ --p12-password=XXXXXX \ $TTYLINUX_ID

http://cloud-lal.stratuslab.eu:8081/metadata/LwcRbwCalYSysY1wftQdAj6Bwoi/loomis@lal.in2p3.fr/2011-09-21T14:52:43Z

Copyright © 2011, Members of the StratusLab collaboration: Centre National de la Recherche Scientifique, Universidad Complutense de Madrid, Greek Research and Technology Network S.A., SixSq Sàrl, Telefónica Investigación y Desarrollo SA, and The Provost Fellows and Scholars of the College of the Holy and Undivided Trinity of Queen Elizabeth Near Dublin.

This work is licensed under the Creative CommonsAttribution 3.0 Unported Licensehttp://creativecommons.org/licenses/by/3.0/